CVE Catalog
CVE-2025-57631
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk0.76%
51th percentile - higher than 51% of all known CVEs
Summary
SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module.
Risk Assessment
An attacker can gain unauthorized access to the database, steal or modify data, and in extreme cases take over the server.
Recommendation
Immediately update TDuckCloud to the latest version and apply parameterized SQL queries in the file upload module.
Original NVD description (English source)
SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module

